Microsoft has released a 1.0 Preview of ProcMon (Process Monitor) for Linux. The company has published the source code for this program on GitHub under the MIT license.
Until now ProcMon was available only for Windows, as part of Sysinternals, Microsoft's suite of free tools for administering and monitoring computers running that operating system.
ProcMon for Linux lets developers watch process activity and trace system calls from the console.
Currently ProcMon 1.0 Preview can only be installed and run on Ubuntu 18.04 with kernel versions 4.18 through 5.3. Some users tried to build and install the utility on Ubuntu 20.04, but were unable to do so. Microsoft plans to support other Linux distributions in the future and to extend the utility's functionality in the stable release.
You can build it from source by cloning Microsoft's repository (cmake >= 3.14 and libsqlite3-dev >= 3.22 are required; note that Ubuntu 18.04's own package archive ships cmake 3.10, so a newer cmake has to be obtained separately), or install the deb package directly: procmon_1.0.0-291_amd64.deb.
To build and run the utility, the following packages must be installed:
- bison
- build-essential
- flex
- git
- libedit-dev
- libllvm6.0
- llvm-6.0-dev
- libclang-6.0-dev
- python
- zlib1g-dev
- libelf-dev
In addition, the utility requires the BCC toolkit (BPF Compiler Collection), which it uses to compile and load the eBPF programs that do the actual tracing.
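The lines above describe the full build procedure. The script below is an added example, not code from the article or from Microsoft's repository: it checks the running kernel against the 4.18 to 5.3 range and the cmake version against the 3.14 minimum, installs the listed packages, builds BCC and then ProcMon. The two GitHub URLs, the in-tree cmake build layout, the resulting binary name, the linux-headers package and the CONFIG_BPF_SYSCALL check are assumptions not stated in the article.

```shell
#!/bin/sh
# Added example: pre-flight checks and build steps for ProcMon 1.0 Preview on
# Ubuntu 18.04. Not code from the article or from Microsoft's repository.
# Assumptions not stated in the article: the two GitHub URLs, the in-tree
# cmake build layout, the binary name, the linux-headers package and the
# CONFIG_BPF_SYSCALL check.

# Split "major.minor..." into MAJOR and MINOR (globals; POSIX sh has no local).
# Returns 1 for strings without a numeric major.minor pair ("5", "abc", "5.x").
split_version() {
    MAJOR=${1%%.*}
    rest=${1#*.}
    MINOR=${rest%%[!0-9]*}
    case "$MAJOR" in ''|*[!0-9]*) return 1 ;; esac
    [ "$rest" != "$1" ] && [ -n "$MINOR" ]
}

# Return 0 when a kernel release string (as printed by uname -r) is within the
# range the article quotes for the preview: 4.18 <= version <= 5.3.
kernel_supported() {
    split_version "$1" || return 1
    case "$MAJOR" in
        4) [ "$MINOR" -ge 18 ] ;;
        5) [ "$MINOR" -le 3 ] ;;
        *) return 1 ;;
    esac
}

# Return 0 when a cmake version string satisfies the >= 3.14 requirement.
# Ubuntu 18.04's own archive ships cmake 3.10, which fails this check.
cmake_version_ok() {
    split_version "$1" || return 1
    [ "$MAJOR" -gt 3 ] || { [ "$MAJOR" -eq 3 ] && [ "$MINOR" -ge 14 ]; }
}

# Packages listed in the article, plus libsqlite3-dev for ProcMon itself and
# the kernel headers BCC needs to compile eBPF programs at run time (assumed).
install_build_deps() {
    sudo apt-get install -y bison build-essential flex git libedit-dev \
        libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev \
        libsqlite3-dev "linux-headers-$(uname -r)"
}

# Build and install BCC (BPF Compiler Collection) from source.
build_bcc() {
    git clone https://github.com/iovisor/bcc.git                   # URL assumed
    ( mkdir -p bcc/build && cd bcc/build && cmake .. && make && sudo make install )
}

# Build ProcMon; the binary is assumed to land in ProcMon-for-Linux/build.
build_procmon() {
    git clone https://github.com/microsoft/ProcMon-for-Linux.git   # URL assumed
    ( mkdir -p ProcMon-for-Linux/build && cd ProcMon-for-Linux/build && cmake .. && make )
}

main() {
    release=$(uname -r)
    kernel_supported "$release" || {
        echo "kernel $release is outside the supported 4.18-5.3 range" >&2; exit 1; }
    # BCC loads programs through the bpf(2) syscall, so the kernel must have it.
    grep -q '^CONFIG_BPF_SYSCALL=y' "/boot/config-$release" || {
        echo "kernel was built without CONFIG_BPF_SYSCALL" >&2; exit 1; }
    install_build_deps
    # "cmake version X.Y.Z" -> X.Y.Z; an absent cmake yields "" and fails the check.
    cmake_version_ok "$(cmake --version 2>/dev/null | awk 'NR==1 {print $3}')" || {
        echo "cmake >= 3.14 is required; install a newer cmake before building" >&2; exit 1; }
    build_bcc
    build_procmon
    echo "Build finished. ProcMon loads eBPF programs, so run it as root:"
    echo "  sudo ./ProcMon-for-Linux/build/procmon"
}

# Only run the installation when explicitly asked, so the checks above can be
# sourced and exercised without touching the system.
if [ "${1:-}" = "--install" ]; then
    main
fi
```

Run it as `sh build-procmon.sh --install` on the Ubuntu 18.04 machine; without the flag it only defines the functions, so the version checks can be tried in isolation (for example `. ./build-procmon.sh; kernel_supported "$(uname -r)" && echo ok`).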
With ProcMon you can not only display information about processes and system calls on screen, but also get summary reports for specific processes and calls and write the captured events to a file.